Self-hosting Threema Safe

12. Feb 2019

What is Threema Safe?

Threema Safe is the messenger Threema's solution to back up your encryption ID and other things so they don't get lost once either you decide to smash your phone against a nearby anvil or the phone itself decides to die unexpectedly.
From this backup you can restore the aforementioned things into a new Threema-installation.

How does it work

Threema Safe regularly backs things up into a WebDAV-directory of choice. By default the Threema-Server is configured for this, but any WebDAV-server, from a standard webserver to a Nexcloud, can be configured as a backup target.

Server-side setup

As a standard webserver can be used as a backup target, we will show the necessary configuration for an nginx to act as a valid backup server for Threema Safe.

In the root of the WebDAV-folder create a folder (optional) with two things present (not optional):

a file config

a directory backups that must be writable (and likely readable for restore)

The config-file reads:

{
"maxBackupBytes": 524288,
"retentionDays": 180
}

This concludes the server side backup.
If you want to verify that the WebDAV works correctly, you can use either WebDAV-capable file managers like Nautilus, or use command line tools like cadaver to check.

Client side setup

In Threema, go to the menu and select "My backups".
Activate Threema Safe and tap on "Expert Settings", there you can enter your custom server.
In our example, this would be https://some.arbitrary.domain/threema_safe.
If you configured your nginx to require authentication, specify your access credentials.
Then tap "Backup now" and you should be good to go!